Morto Worm Leaves Windows RDP At Risk


RDP stands for Remote Desktop Protocol, which uses TCP Port 3389 and enables users to control the desktop of the other computer, RDP's are mostly used in organizations and business environments. Recently a new worm named as Morto worm has became the cause behind the spike in traffic to TCP Port 3389 (Which is used by RDP) according to a report by Fsecure.

Zero Day DOS Vulnerability In Apache Leaves Half Of Internet Vulnerable



Few days ago a massive DOS vulnerability was found in Apache's version 1.3 and 2.x, leaving more than 50% of the internet vulnerable to DOS attack, This Dos attack is so powerful that a single computer can take down the whole server. A new tool named Apachekiller has been observed actively in wild.

Android Is The Number 1 Target Of Hackers


If you are an android users, you could be or might be the next victim of hackers, According to a report by Mcafee, Google android has became the number 1 target of hackers, The Mcafee report also says that the recent attacks from hacktivists Anonymous and Lulzsec security helped in driving a massive increase in Online attacks.

Advanced SQL Injection - Defcon 17


According to OWASP top 10 vulnerabilities of 2010, SQL injection is the most dangerous and most common vulnerability around, A SQL Injection vulnerability occurs due to improper input validation or no input validation at all, what I mean by improper or no input validation is the user input is not filtered(for escape characters) before it gets passed to the SQL database, A Sql injection attack can be any many forms, but it's usually categorized into 3 types:

1. Inband
2. Out of band
3. Inferential

While browsing on the internet, I came across an excellent presentation on Advanced SQL Injection techniques by john Mccray, In this presentation john Mccray discusses some of advanced SQL Injection methods and topics such as IDS evasion, filter bypassing etc.


Apple Store Down, Hacked?


Well, currently apple store is down in lots of countries, A rumor is currently floating that if it's hacked or a victim of a Dddos attack, which makes people think if the hackivists group anonymous might be behind this attack, Usually when ever apple store is down, apple arrives with a new product launch, however if this is the case and apple is planning for a new product launch, the apple store should have been down in all other countries.

Top 10 Ways How Hackers Can Hack Facebook Accounts In 2012

Facebook is one of the most widely used social networking site with more than 750 million users, as a reason if which it has become the number 1 target of hackers, I have written a couple of post related to facebook hacking here at RHA, In my previous post which I wrote in 2010 related to facebook hacking and security 4 ways on How to hack facebook password, I mentioned the top methods which were used by hackers to hack facebook accounts, however lots of things have changed in 2012, Lots of methods have went outdated or have been patched up by facebook and lots of new methods have been introduced, So in this post I will write the top 10 methods how hackers can hack facebook accounts in 2011.

Was Myspace Hacked On Friday? - Http/1.1 service unavailable


Earlier friday morning myspace shocked it's users, when the myspace homepage was showing a mysterious message, Lots of people though that anonymous hackivist group might be behind this attack. When ever a visitor came across the myspace homepage the following message was displayed.

We messed up our code so bad that even puppies and kittens may be in danger. Please turn back …now.* Have your pet spayed or neutered.

Lots of people thought that myspace was hacked and the hackers just changed the myspace website with this custom error page, However myspace has been using this error message from 2009 which is occured due to internal errors.

Facebook Will Be Down On November 5 Says Anonymous


Well, here is another shocking news, The famous hackativist group Anonymous claims that they take take down the facebook on november 5. The huge attack is aimed at destroying Facebook. The anonymous hacking group has posted a video in which they explain why will they attack facebook.

Armitage And Metasploit Video Training Course

In my previous post Attacking Windows XP SP2 With Metasploit, I wrote a step by step guide on how to attack a windows xp host with metasploit, Metasploit is a great penetration testing tool, however there are couple of other tools which can make the usage of metasploit much easier, One of the popular tool is Armitage, As defined by it's authors "Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework.Advanced users will find Armitage valuable for managing remote Metasploit instances and collaboration. Armitage's red team collaboration features allow your team to use the same sessions, share data, and communicate through one Metasploit instance."

Attacking Windows XP SP2 With Metasploit


In the previous post related to metasploit "How To Use A Keylogger Inside Metasploit Using Meterpreter?", I explained an easy to to use keylogger inside meterpreter in order to get the victims keystrokes, However after writing that article I received some comments which disappointed me alot, The readers were asking questions like "What Is Metasploit", "What is Meterpreter", So I decided not to jump in to the advanced topics before covering the basics.

Adobe Dreamweaver CS5 Serial Numbers

Adobe dreamveaver is a very powerful web development tool, it's powerful features have made it the number 1 choice of developers and designers.

Black Hole Exploit Kit - A Deadly Russian Crimeware

Russian hackers have a very strong history with Malware development, Infact russians hackers currently own world's most dangerous malwares. One of those dangerous and popular malware's we have is the "Black Hole Exploit Kit". Black hole exploit kit is basically a collection of tons of browser exploit which takes advantage of the vulnerability on user browser in order to infect your computer.



How Does It Works?

When ever a user visits a clean website, the malicious Iframe then redirects the user to the blackhole exploit server, Which then triggers out all the well known exploits on victims browser and gives remote access to the attacker.

Cost

The annual license for blackhole exploit kit costs around 1500$, the semi annual license costs 700$ and the quarterly license costs 700$. The author also gives you option to rent the exploit kit as well as you can host the exploit kit on authors server for a small fee.

Backtrack 5R1 Arriving On 10th August

Well here is another exciting news for all penetration testers and backtrack lovers, Backtrack will launch backtrack r1(release one) on 10th august, According to offensive security team backtrack r1 will come with around 100 bug fixes and in addition to it backtrack 5 rc1 will also include over 30 tools and numerous package updates.
bt5-r1-backtrack

According to offensive security team:
We have a few exciting items to announce in the upcoming month, one of them being BackTrack 5 R1 (Release one) which will be available for download on the 10th of August,2011. This will complete our first 3 month cycle since the last release. With over 100 bug fixes, numerous package updates and the addition of over 30 new tools and scripts – BackTrack 5 R1 will rock. We will have a pre-release event of BackTrack 5 R1 at the BlackHat / Defcon Conference a few days earlier.
 
Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.